Zero LTK Installation

Description

Zero LTK Installation

Risk Assesment: 8.8

CWE

CVE

19194

Attack Surfaces

BLE (MITRE EMB3D PID-4111)

Security Manager Protocol (MITRE EMB3D PID-4113)

Pairing

MagicPairing

Attack Vectors

Entropy downgrade (MITRE EMB3D TID-411)

Defenses

Refuse zeroed LTKs, Check for zeroed LTKs before confirming the pairing